Print this page
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-15391 smbadm man page needs updating
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
SMB-106 Add '-y' flag to 'smbadm join' command
@@ -1,387 +1,269 @@
SMBADM(1M) Maintenance Commands SMBADM(1M)
-
-
NAME
- smbadm - configure and manage CIFS local groups and users, and manage
+ smbadm - configure and manage SMB local groups and users, and manage
domain membership
SYNOPSIS
- smbadm add-member -m member [[-m member] ...] group
-
-
smbadm create [-d description] group
-
-
smbadm delete group
-
-
+ smbadm rename group new-group
+ smbadm show [-mp] [group]
+ smbadm get [-p property]... group
+ smbadm set -p property=value [-p property=value]... group
+ smbadm add-member -m member [-m member]... group
+ smbadm remove-member -m member [-m member]... group
+ smbadm delete-user username
smbadm disable-user username
-
-
smbadm enable-user username
-
-
- smbadm get [[-p property] ...] group
-
-
smbadm join [-y] -u username domain
-
-
smbadm join [-y] -w workgroup
-
-
smbadm list
+ smbadm lookup account-name [account-name]...
-
- smbadm lookup account-name [account-name [...]]
-
-
- smbadm remove-member -m member [[-m member] ...] group
-
-
- smbadm rename group new-group
-
-
- smbadm set -p property=value [[-p property=value] ...] group
-
-
- smbadm show [-m] [-p] [group]
-
-
DESCRIPTION
- The smbadm command is used to configure CIFS local groups and to manage
- domain membership. You can also use the smbadm command to enable or
- disable SMB password generation for individual local users.
+ The smbadm command is used to configure SMB local groups and users, and
+ to manage domain membership. You can also use the smbadm command to
+ enable or disable SMB password generation for individual local users.
-
- CIFS local groups can be used when Windows accounts must be members of
+ SMB local groups can be used when Windows accounts must be members of
some local groups and when Windows style privileges must be granted.
- Solaris local groups cannot provide these functions.
+ System local groups cannot provide these functions.
+ There are two types of local groups: user defined and built-in. Built-in
+ local groups are predefined local groups to support common administration
+ tasks.
- There are two types of local groups: user defined and built-in. Built-
- in local groups are predefined local groups to support common
- administration tasks.
+ In order to provide proper identity mapping between SMB local groups and
+ system groups, a SMB local group must have a corresponding system group.
+ This requirement has two consequences: first, the group name must conform
+ to the intersection of the Windows and system group name rules. Thus, a
+ SMB local group name can be up to eight (8) characters long and contain
+ only lowercase characters and numbers. Second, a system local group has
+ to be created before a SMB local group can be created.
+ Built-in groups are standard Windows groups and are predefined by the SMB
+ service. The built-in groups cannot be added, removed, or renamed, and
+ these groups do not follow the SMB local group naming conventions.
- In order to provide proper identity mapping between CIFS local groups
- and Solaris groups, a CIFS local group must have a corresponding
- Solaris group. This requirement has two consequences: first, the group
- name must conform to the intersection of the Windows and Solaris group
- name rules. Thus, a CIFS local group name can be up to eight (8)
- characters long and contain only lowercase characters and numbers.
- Second, a Solaris local group has to be created before a CIFS local
- group can be created.
-
-
- Built-in groups are standard Windows groups and are predefined by the
- CIFS service. The built-in groups cannot be added, removed, or renamed,
- and these groups do not follow the CIFS local group naming conventions.
-
-
- When the CIFS server is started, the following built-in groups are
+ When the SMB server is started, the following built-in groups are
available:
- Administrators
+ Administrators Group members can administer the system.
- Group members can administer the system.
+ Backup Operators Group members can bypass file access controls to back
+ up and restore files.
+ Power Users Group members can share directories.
- Backup Operators
-
- Group members can bypass file access controls to back up and
- restore files.
-
-
- Power Users
-
- Group members can share directories.
-
-
-
- Solaris local users must have an SMB password for authentication and to
- gain access to CIFS resources. This password is created by using the
+ System local users must have an SMB password for authentication and to
+ gain access to SMB resources. This password is created by using the
passwd(1) command when the pam_smb_password module is added to the
system's PAM configuration. See the pam_smb_passwd(5) man page.
-
The disable-user and enable-user subcommands control SMB password-
generation for a specified local user. When disabled, the user is
- prevented from connecting to the Solaris CIFS service. By default, SMB
- password-generation is enabled for all local users.
+ prevented from connecting to the SMB service. By default, SMB password-
+ generation is enabled for all local users.
-
- To reenable a disabled user, you must use the enable-user subcommand
- and then reset the user's password by using the passwd command. The
+ To reenable a disabled user, you must use the enable-user subcommand and
+ then reset the user's password by using the passwd command. The
pam_smb_passwd.so.1 module must be added to the system's PAM
configuration to generate an SMB password.
Escaping Backslash Character
For the add-member, remove-member, and join (with -u) subcommands, the
- backslash character (\) is a valid separator between member or user
+ backslash character ("\") is a valid separator between member or user
names and domain names. The backslash character is a shell special
character and must be quoted. For example, you might escape the
backslash character with another backslash character: domain\\username.
- For more information about handling shell special characters, see the
- man page for your shell.
+ For more information about handling shell special characters, see the man
+ page for your shell.
OPERANDS
The smbadm command uses the following operands:
- domain
+ domain Specifies the name of an existing Windows domain to join.
- Specifies the name of an existing Windows domain to join.
+ group Specifies the name of the SMB local group.
+ username Specifies the name of a system local user.
- group
+SUBCOMMANDS
+ The smbadm command includes these subcommands:
- Specifies the name of the CIFS local group.
+ create [-d description] group
+ Creates a SMB local group with the specified name. You can
+ optionally specify a description of the group by using the -d
+ option.
+ delete group
+ Deletes the specified SMB local group. The built-in groups
+ cannot be deleted.
- username
+ rename group new-group
+ Renames the specified SMB local group. The group must already
+ exist. The built-in groups cannot be renamed.
- Specifies the name of a Solaris local user.
+ show [-mp] [group]
+ Shows information about the specified SMB local group or groups.
+ If no group is specified, information is shown for all groups.
+ If the -m option is specified, the group members are also shown.
+ If the -p option is specified, the group privileges are also
+ shown.
+ get [-p property=value]... group
+ Retrieves property values for the specified group. If no
+ property is specified, all property values are shown.
-SUBCOMMANDS
- The smbadm command includes these subcommands:
+ set -p property=value [-p property=value]... group
+ Sets configuration properties for a SMB local group. The
+ description and the privileges for the built-in groups cannot be
+ changed.
- add-member -m member [[-m member] ...] group
+ The -p property=value option specifies the list of properties to
+ be set on the specified group.
- Adds the specified member to the specified CIFS local group. The -m
- member option specifies the name of a CIFS local group member. The
- member name must include an existing user name and an optional
- domain name.
+ The group-related properties are as follows:
+ backup=on|off
+ Specifies whether members of the SMB local group can
+ bypass file access controls to back up file system
+ objects.
+
+ description=description-text
+ Specifies a text description for the SMB local group.
+
+ restore=on|off
+ Specifies whether members of the SMB local group can
+ bypass file access controls to restore file system
+ objects.
+
+ take-ownership=on|off
+ Specifies whether members of the SMB local group can take
+ ownership of file system objects.
+
+ add-member -m member [-m member]... group
+ Adds the specified member to the specified SMB local group. The
+ -m member option specifies the name of a SMB local group member.
+ The member name must include an existing user name and an
+ optional domain name.
+
Specify the member name in either of the following formats:
[domain\]username
[domain/]username
-
For example, a valid member name might be sales\terry or
sales/terry, where sales is the Windows domain name and terry is
the name of a user in the sales domain.
+ remove-member -m member [-m member]... group
+ Removes the specified member from the specified SMB local group.
+ The -m member option specifies the name of a SMB local group
+ member. The member name must include an existing user name and
+ an optional domain name.
- create [-d description] group
+ Specify the member name in either of the following formats:
- Creates a CIFS local group with the specified name. You can
- optionally specify a description of the group by using the -d
- option.
+ [domain\]username
+ [domain/]username
+ For example, a valid member name might be sales\terry or
+ sales/terry, where sales is the Windows domain name and terry is
+ the name of a user in the sales domain.
- delete group
+ delete-user username
+ Deletes SMB password for the specified local user effectively
+ preventing the access by means of the SMB service. Use passwd
+ command to create the SMB password and re-enable access.
- Deletes the specified CIFS local group. The built-in groups cannot
- be deleted.
-
-
- disable username
-
+ disable-user username
Disables SMB password-generation capabilities for the specified
- local user. A disabled local user is prevented from accessing the
- system by means of the CIFS service. When a local user account is
- disabled, you cannot use the passwd command to modify the user's
- SMB password until the user account is reenabled.
+ local user effectively preventing access by means of the SMB
+ service. When a local user account is disabled, you cannot use
+ the passwd command to modify the user's SMB password until the
+ user account is re-enabled.
-
- enable username
-
+ enable-user username
Enables SMB password-generation capabilities for the specified
- local user. After the password-generation capabilities are
- reenabled, you must use the passwd command to generate the SMB
- password for the local user before he can connect to the CIFS
- service.
+ local user and re-enables access. After the password-generation
+ capabilities are re-enabled, use the passwd command to generate
+ the SMB password for the local user.
- The passwd command manages both the Solaris password and SMB
- password for this user if the pam_smb_passwd module has been added
- to the system's PAM configuration.
+ The passwd command manages both the system password and SMB
+ password for this user if the pam_smb_passwd module has been
+ added to the system's PAM configuration.
-
- get [[-p property=value] ...] group
-
- Retrieves property values for the specified group. If no property
- is specified, all property values are shown.
-
-
join [-y] -u username domain
+ Joins a Windows domain.
- Joins a Windows domain or a workgroup.
+ An authenticated user account is required to join a domain, so
+ you must specify the Windows administrative user name with the -u
+ option. If the password is not specified on the command line,
+ the user is prompted for it. This user should be the domain
+ administrator or any user who has administrative privileges for
+ the target domain.
- The default mode for the CIFS service is workgroup mode, which uses
- the default workgroup name, WORKGROUP.
+ username and domain can be entered in any of the following
+ formats:
- An authenticated user account is required to join a domain, so you
- must specify the Windows administrative user name with the -u
- option. If the password is not specified on the command line, the
- user is prompted for it. This user should be the domain
- administrator or any user who has administrative privileges for the
- target domain.
-
- username and domain can be entered in any of the following formats:
-
username[+password] domain
domain\username[+password]
domain/username[+password]
username@domain
-
...where domain can be the NetBIOS or DNS domain name.
If a machine trust account for the system already exists on a
- domain controller, any authenticated user account can be used when
- joining the domain. However, if the machine trust account does not
- already exist, an account that has administrative privileges on the
- domain is required to join the domain. Specifying -y will bypass
- the smb service restart prompt.
+ domain controller, any authenticated user account can be used
+ when joining the domain. However, if the machine trust account
+ does not already exist, an account that has administrative
+ privileges on the domain is required to join the domain.
+ Specifying -y will bypass the SMB service restart prompt.
-
join [-y] -w workgroup
+ Joins a Windows workgroup.
- Joins a Windows domain or a workgroup.
+ The default mode for the SMB service is workgroup mode, which
+ uses the default workgroup name, "WORKGROUP".
- The -w workgroup option specifies the name of the workgroup to join
- when using the join subcommand. Specifying -y will bypass the smb
- service restart prompt.
+ The -w workgroup option specifies the name of the workgroup to
+ join when using the join subcommand. Specifying -y will bypass
+ the SMB service restart prompt.
-
- list
-
- Shows information about the current workgroup or domain. The
+ list Shows information about the current workgroup or domain. The
information typically includes the workgroup name or the primary
- domain name. When in domain mode, the information includes domain
- controller names and trusted domain names.
+ domain name. When in domain mode, the information includes
+ domain controller names and trusted domain names.
- Each entry in the ouput is identified by one of the following tags:
+ Each entry in the ouput is identified by one of the following
+ tags:
- - [*] -
- Primary domain
+ [*] Primary domain
+ [.] Local domain
- - [.] -
- Local domain
+ [-] Other domains
+ [+] Selected domain controller
- - [-] -
- Other domains
-
-
- - [+] -
- Selected domain controller
-
-
-
- lookup account-name [account-name [...]]
-
-
- Lookup the SID for the given account-name, or lookup the account-
- name for the given SID. This subcommand is primarily for
+ lookup account-name [account-name]...
+ Lookup the SID for the given account-name, or lookup the
+ account-name for the given SID. This subcommand is primarily for
diagnostic use, to confirm whether the server can lookup domain
accounts and/or SIDs.
-
- remove-member -m member [[-m member] ...] group
-
- Removes the specified member from the specified CIFS local group.
- The -m member option specifies the name of a CIFS local group
- member. The member name must include an existing user name and an
- optional domain name.
-
- Specify the member name in either of the following formats:
-
- [domain\]username
- [domain/]username
-
-
- For example, a valid member name might be sales\terry or
- sales/terry, where sales is the Windows domain name and terry is
- the name of a user in the sales domain.
-
-
- rename group new-group
-
- Renames the specified CIFS local group. The group must already
- exist. The built-in groups cannot be renamed.
-
-
- set -p property=value [[-p property=value] ...] group
-
- Sets configuration properties for a CIFS local group. The
- description and the privileges for the built-in groups cannot be
- changed.
-
- The -p property=value option specifies the list of properties to be
- set on the specified group.
-
- The group-related properties are as follows:
-
- backup=[on|off]
-
- Specifies whether members of the CIFS local group can bypass
- file access controls to back up file system objects.
-
-
- description=description-text
-
- Specifies a text description for the CIFS local group.
-
-
- restore=[on|off]
-
- Specifies whether members of the CIFS local group can bypass
- file access controls to restore file system objects.
-
-
- take-ownership=[on|off]
-
- Specifies whether members of the CIFS local group can take
- ownership of file system objects.
-
-
-
- show [-m] [-p] [group]
-
- Shows information about the specified CIFS local group or groups.
- If no group is specified, information is shown for all groups. If
- the -m option is specified, the group members are also shown. If
- the -p option is specified, the group privileges are also shown.
-
-
EXIT STATUS
- The following exit values are returned:
+ The smbadm utility exits 0 on success, and >0 if an error occurs.
- 0
- Successful completion.
+INTERFACE STABILITY
+ Utility name and options are Uncommitted. Utility output format is
+ Not-An-Interface.
-
- >0
- An error occurred.
-
-
-ATTRIBUTES
- See the attributes(5) man page for descriptions of the following
- attributes:
-
-
-
-
- +-------------------------+------------------+
- | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-------------------------+------------------+
- |Utility Name and Options | Uncommitted |
- +-------------------------+------------------+
- |Utility Output Format | Not-An-Interface |
- +-------------------------+------------------+
- |smbadm join | Obsolete |
- +-------------------------+------------------+
-
SEE ALSO
passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4),
smbautohome(4), attributes(5), pam_smb_passwd(5), smf(5)
-
-
- April 9, 2016 SMBADM(1M)
+illumos November 18, 2017 illumos